On 09/29/2010 10:25 AM, James McKeand wrote:
> Set the following rules on the LAN interface:
> 1) Block source IP 1.1.1.1 port any to destination IP any port 80 (http)
> 2) Block source IP 1.1.1.1 port any to destination IP any port 443 (https)
> 3) Block source IP 1.1.1.1 port any to destination IP any port 8000 (Proxies per Lee)
>
> He would still be able to browse a web page at 1.1.1.2 because it is on the same subnet and will
> not go to the m0n0wall (i.e. the gateway of the 1.1.1.0 subnet). Also network browsing (i.e.
> Windows' - My Network Places) would still work - it is not http.
>
> Rules should be on LAN interface not WAN...
You got it. A determined guy can still get out with VPN or something
similar, but that will lock it down fairly tight.
Lee
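
The rule set discussed in this thread, modelled as an added example that is not part of either message: it evaluates the three LAN-interface block rules first-match and shows why same-subnet traffic never reaches the firewall. Assumptions: the 1.1.1.0 subnet is a /24, a final "pass LAN to any" rule follows the blocks, and 203.0.113.10 is a constructed outside address.

```python
import ipaddress

# Assumption: the "1.1.1.0 subnet" from the thread is a /24.
LAN = ipaddress.ip_network("1.1.1.0/24")

# The three block rules from the thread, followed by an assumed
# "pass LAN to any" rule. First match wins; no match means drop.
LAN_RULES = [
    ("block", "1.1.1.1", 80),    # http
    ("block", "1.1.1.1", 443),   # https
    ("block", "1.1.1.1", 8000),  # proxies
    ("pass", "any", None),       # None = any destination port
]

def evaluate(src, dst, dport):
    """Return the fate of a packet sent by a LAN host."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    if src_ip not in LAN:
        raise ValueError("source is not on the LAN")
    # Same-subnet traffic is delivered host to host; the gateway
    # never sees it, so no firewall rule can apply.
    if dst_ip in LAN:
        return "on-link (not filtered)"
    for action, rule_src, rule_port in LAN_RULES:
        src_ok = rule_src == "any" or ipaddress.ip_address(rule_src) == src_ip
        port_ok = rule_port is None or rule_port == dport
        if src_ok and port_ok:
            return action
    return "block"  # implicit default deny

if __name__ == "__main__":
    outside = "203.0.113.10"  # constructed sample destination
    checks = [
        ("1.1.1.1", outside, 80),
        ("1.1.1.1", outside, 443),
        ("1.1.1.1", outside, 8000),
        ("1.1.1.1", "1.1.1.2", 80),   # web page on the same subnet
        ("1.1.1.1", outside, 25),     # port not covered by the rules
        ("1.1.1.5", outside, 80),     # a different LAN host
    ]
    for src, dst, port in checks:
        print(f"{src} -> {dst}:{port}  {evaluate(src, dst, port)}")
```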